Just another WordPress.com site

“Golden” Arguments

I’m not here to debate about the “best” method to create a Golden Image. It will all entirely depend on your organization’s processes/policies and standards you have devised. This is hopefully just a guide to show you where I discovered a couple “gotchas” during my “Golden Image Build”, in the hopes that you will be able to use the information to your advantage on your way down your very own “Golden” Path…

What makes this post different?

Well, probably not much, really, not inventing a new wheel or anything…big deal…wannafightaboudit?

In all reality, this is another blog more or less for my reference later when I actually get to start working on building out Server 2012 templates where I am employed. I have read multiple articles on building a “Golden Image” or “Golden Copy” of a VMWare guest VM, and will try to cite them wherever and often. This article is more or less the compilation of ALL those sources, giving me one place to find the info vs. spending another 10+ hours of reading and researching and testing (need we even mention documenting?).

I figured until I needed it again I could share the info I found useful to other people in the hopes to save them the time I had to spend connecting all the dots…

Requirements

BEFORE proceeding please make sure you have the following items handy:

* 8 I had issues with, but on the guide I mention later on building a 2012 VM Guest the author of that article was able to get it working. I switched to 9.0 and had no issues, so that’s what anything I’m doing in this article is based off of…

In any case, once you have the OS installed it’s time to log in. First thing you’ll notice is the login screen is akin to Windows 8. Oh, what fun we will have…

Once you’re logged in you’re going to see the tile setup that you do in Windows 8. We’ll come back to this. For now just click the Desktop tile.

Give the desktop a minute to load and wait for the Server Manager to appear. The very first thing I want to do is update this bad boy. This is how I got to the Windows Update Configuration screen (pictured below):

Click the Local Server(1) menu item on the left panel, and under the main Properties Info Box, use the scrollbar to slide all the way to the right(2), so you can see your Windows Update settings. Click the link for Windows Update Not Configured(3) to open the Windows Update settings.

Step 1: Windows Updates

Disclaimer : Personal Rant

[ Rant ]

Some may think the patch process I describe below is slower (or pointless). But for myself at least, I have found this prevents me from wasting time on troubleshooting why updates ‘y’ or ‘z’ didn’t install correctly during a “multi batch patch session” with a new image. Usually the culprit turned out to be something along the lines of “update ‘x’ was a dependancy but hadn’t fully completed IT’S OWN install operation on the prior reboot”.

Therefore, the “broken” updates actually were working just as intended, and were simply waiting for the dependency to get completely installed! I found through trial and error that if I simply shut down the machine and then powered it backup during these “batch update installs”, it sort of kicked it into forcing the completion of the updates upon the following boot up.

Note: I’ve only experienced this in a virtual environment so that may have something to do with it as well…in any case, my update methodology described below may just simply be my own personal SysAdmin voodoo, so take it or leave it as a practice…

[ /Rant ]

Updates – Patching Process

I’ve tried to offer a visual matrix of the way I do “patching from scratch” below:

* Will vary depending on your roles/features that you have installed per your requirements

The main gist of it is thus:

Updates – First Update Set

The top row of the above picture will show you that on my first round of “core-OS updates”, my scan resulted in 24 updates and a total of 300 MB to download:

After they finished installing I did NOT restart as suggested. Instead, I used the keystroke Win+i to pull up the settings and “charms” on the right side of the screen, and shut down the OS completely (below)

Do two cycles of updates, then continue below…

Updates – After 2nd Pass, Install Roles / Features

Just follow the matrix down the list. After step 2, it’s time to install your Roles/Features as per your requirements. Keep repeating the cycle after installing the roles until you do a scan and come back with no updates. This seems to have allowed me the best success rate with no troubleshooting necessary.

HINT:

Later on, I am going to provide a link to a page that talks about nice customizations for the “new to you” Server 2012 admin, as a way to keep around some of the more familiar icons and shortcuts. For some of the items discussed in that article to be enabled, you’ll need to at this time add the “Desktop Experience” feature (shown below).

Please note: this also installs the Windows Store, so just be aware. I’m in my own lab so I’m not being very “big brother” on myself yet…

Oh, and this is for people who aren’t tied to WSUS or whatever and are just pulling updates down from the Internet. I still use the methods at work similar to this, but the number of updates and patches will be different most likely as it would be driven by your patching compliance SLA and other such policy documents.

Step 2: Customize Your Environment

I could go into great detail about hundreds of different ways to tweak your UI, but I would then be re-inventing the wheel.
With that said, I HIGHLY suggest that even if you don’t want to go overboard with customizations, that you still take a few minutes to review the excellent article on Windows Server 2012 Customizations by Jason Boche. Go through and cherry pick your favs.

One thing I noticed that was missing from the list though was how to get the old favorites like “always show menu” and “show file extensions” options. The thing you’ll need to get used to is that Windows Explorer has a ribbon type interface akin to the Office Suite (pictured below):

So after finishing adding my customizations, the last thing I wanted to add is BGInfo so I could still have some critical information in a familiar spot until I become more comfortable with navigation Server 2012. Perhaps then I will find it less challenging, but until then, I’ll stick with ol’ reliable…

Step 3: BGInfo on Server 2012

I don’t know if it’s something I’m not doing, but I had a heck of a time getting bginfo working. Ultimately it was failing to update the background info when using Local Security Policy to add a startup script

I ended up taking the slightly different approach of changing permissions on the BGI folder so Users had Modify rights to the folder and it’s contents (shown below):

And that was that!!! It took two reboots to start working but then I was getting refreshed backgrounds on every log in. (shown below):

It looks like I need to break this out into a 2-parter…so in Part 2 I will continue the process, and begin the sysprepping of the machine. This is where I was having the most issues…I’ll post that either tomorrow night or the following!